Cybersecurity draft significantly altered

Sweeping cybersecurity legislation introduced by Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, in April has undergone major changes during the August recess and now features a more prominent focus on ensuring that the U.S. government and private sector have a properly trained workforce to thwart high-tech threats.

A revised version of the bill sent to Commerce and Intelligence committee aides late last week "captures a lot of the input we've received since its introduction" but is still a draft and has not been approved at the member level, Rockefeller aide Chan Lieu said in an e-mail to colleagues obtained by CongressDaily.

A separate e-mail from Commerce Committee General Counsel Bruce Andrews said the panel is aiming for a hearing and a markup in September or October.

High up in the reworked document are provisions instructing the Commerce secretary to work with the White House Office of Personnel Management to train and certify government cyber professionals. Under the proposal, uncertified individuals could not represent themselves as such nor could uncertified service providers handle critical infrastructure information systems or networks.

A new section would require the head of each federal department to develop an annual workforce plan that includes hiring projections, short- and long-term planning to address skill deficiencies, recruitment strategies and an analysis of barriers to recruitment.

Agencies would also have to measure and collect information on cybersecurity hiring effectiveness.

The original bill's provision that called for the creation of a National Science Foundation scholarship program is preserved with a $50 million authorization for FY10 that increases incrementally to $70 million by FY14.

Also included is a $15 million annual authorization over the same period for the National Institute of Standards and Technology to conduct competitions and challenges to woo students into cybersecurity careers.

One of the bill's most contentious provisions, which high-tech policy watchers argued would give the White House the power to effectively turn off the Internet during a cyber crisis, has been substantially curtailed.

The section would have allowed the president in a cyber emergency to "order the limitation or shutdown of Internet traffic" to and from any compromised government or U.S. critical infrastructure information system or network.

The new proposal directs the president to work with industry during a cyber emergency on a national response as well as the timely restoration of affected networks.

Absent from the revised language is a requirement that an advisory panel ensure national security would not be compromised before approving the renewal or modification of a contract between the U.S. government and the entity that oversees global Internet addresses.

A section that directed the National Telecommunications and Information Administration to develop a strategy for secure domain name addresses was also removed.

The reworked draft changes what was a quadrennial cyber review into a biennial affair beginning in 2013 to review "the cyber posture of the United States, including an unclassified summary of roles, missions, accomplishments, plans, and programs." Consistent with the original measure, the draft would set up a cybersecurity advisory panel of representatives from industry; academia; nonprofit organizations; interest and advocacy groups, and state and local governments.

It would also create state and regional cybersecurity enhancement programs as well as a threat and vulnerability clearinghouse for the government and the private sector. The initial bill specified that the Commerce Department would serve as home to the clearinghouse but the latest version leaves its designation vague.

Other provisions would require a comprehensive analysis of the federal statutory and legal framework applicable to cyber-related activities in the United States and a joint intelligence threat assessment by the Office of the Director of National Intelligence and the Commerce and Homeland Security secretaries.